Archive for November, 2017

You may have noticed I'm rapid-firing NoScript updates to steer the new UI toward most reasonable directions emerging from your feedback.
Unfortunately (or not, in time) it couldn't ever be exactly the same as before, simply because the underlying "legacy" Firefox technology (XUL/XPCOM) is not available to extensions developers anymore. But it can become even better than before, with some patience and some.Now to the pains.
This morning version 10.1.3rc2 has been available for a couple of hours, with some important fixeds but an even more annoying regression: it erased all permissions from the TRUSTED preset except for "script" (so no objects, no media, no fonts, no background loads and so on). Worse, the checkboxes to restore them were disabled. Since then I've released 10.1.3RC3 which fixes the disabled checkboxes issue, but you still need to restore the TRUSTED permissions (I suggest to check everything, like in the screenshot before, in order to make TRUSTED sites behave as if NoScript wasn't there).
Sorry for the inconvenience, and please keep the suggestions coming, thank you.

Update

Oh, and in case you missed it (sorry, how couldn't you, since I didn't manage to write any documentation yet?), Alt+Shift+N is the convenient keyboard shortcut to #NoScript10's permission management popup :)

Based on the immediate user feedback, here's my TODO list for what I'm doing today:

Fixing the Private Browsing (Incognito) bug making the UI unusable on private windows (even though everything else, including the XSS filter, still works)

Getting rid of all the "legacy" localization strings that are creating confusion on internationalized browsers, and restart fresh with just English, refining the messages for maximum clarity and adherence with the new UI paradigm

Tweaking a bit the permissions preset system by making them customizable only on the options page, rather than in the popup, except for the CUSTOM preset.

Figuring out ways to make more apparent that

temporary permissions are still there: you just need to toggle the clock button on the preset (TRUSTED or CUSTOM) you choose: the permission will go away as soon as you close the browser;

selecting DEFAULT as a preset really means "forget about this site", even though you keep seeing its entry until you close the UI (for convenience, in case you made a mistake or change your mind);

the "lock" icon is actually another toggle button, and dictates how sites are matched: if its locked/green, as suggested by the title ("Match HTTPS only"), only sites served on secured connections will be matched, even if the rule is for a (base) domain and cascades to all its subdomains. This is a convenience to, say, make just "noscript.net" TRUSTED and match also "https://www.noscript.net" and "https://static.noscript.net" but nothttp:www.noscript.net" neither http:noscript.net".

OK, an updated guide/tutorial/manual with screenshots is sorely needed, to. One thing at a time. Back to work now!

Thanks to the Mozilla WebExtensions team, and especially to Andy, Kris and Luca, for providing the best Browser Extensions API available on any current browser, and most importantly for the awesome tools around it (like the Add-on debugger).

Thanks to the OTF and to all the users who supported and are supporting this effort financially, morally and otherwise.

Coming soon, in the next few weeks: ClearClick, ABE and a public code repository on Github.

Update

Just gave a cursory look at the comments before getting some hours of sleep:

Temporary allow is still there, one click away, just toggle the clock inside the choosen preset button.

For HTTPS sites the base domain is selected by default with cascading, while for non-secure sites the default match is the full address.

For domain matching you can decide if only secure sites are matched by clicking on the lock icon.

You can tweak your "on the fly" choices in the Options tab by searching and entering base domains, full domains or full addresses in the text box, then customizing the permissions of each.

Next to come (already implemented in the backend, working on the UI) contextual permissions (e.g. "Trust facebook.net on facebook.com only").
And yes, as soon as I get a proper sleep refill, I need to refresh those 12 years old instructions and screenshots. I know I've said it a lot already, but please keep being patient. Thank you so much!

Update 2

Update 3

I apologize for not providing a constant information feed about NoScript 10's impending release, but I've got no press office or social media staff working for me: when I say "we" about NoScript, I mean the great community of volunteers helping with user support (and especially the wonderful moderators of the NoScript forum).

By the way, as most but not all users know, there's no "NoScript development team" either: I'm the only developer, and yesterday I also had to temporarily suspend my NoScript 10 final rush, being forced to release two emergency 5.x versions (5.1.6 and 5.1.7) to cope with Firefox 58 compatibility breakages (yes, in case you didn't notice, "Classic" NoScript 5 still works on Firefox 58 Developer Edition with some tricks, even though Firefox 52 ESR is still the best "no surprises" option).

Anyway, here's my update: the week, at least in Italy, finishes on Sunday night, there's no "disaster recovery" going on, and NoScript 10's delay on Firefox 57's release is still going to be measured in days, not weeks.

Back to work now, and thank you again for your patience and support :)